Skip to content

Commit

Permalink
Merge pull request #36 from tkuehne-deliveryhero/fix_policy
Browse files Browse the repository at this point in the history 
Fix role and trust relationship policy
  • Loading branch information
@AjayTripathy
AjayTripathy committed Nov 26, 2020
2 parents d199f85 + ffb55ab commit 529d461
Showing 1 changed file with 5 additions and 5 deletions.
10 changes: 5 additions & 5 deletions aws-cloud-integrations.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -204,7 +204,7 @@ On each sub account running kubecost, attach both of the following policies to t
]
}
```
On the masterpayer account, attach this policy to a role:
On the masterpayer account, attach this policy to a role (replace `${AthenaCURBucket}` variable):
```
{
"Version": "2012-10-17",
Expand Down Expand Up @@ -239,14 +239,14 @@ On the masterpayer account, attach this policy to a role:
"Sid": "AthenaQueryResultsOutput",
"Effect": "Allow",
"Action": [
"s3:GetBucketLocation"
"s3:GetBucketLocation",
"s3:GetObject",
"s3:ListBucket",
"s3:ListBucketMultipartUploads",
"s3:ListMultipartUploadParts",
"s3:AbortMultipartUpload",
"s3:CreateBucket",
"s3:PutObject,
"s3:PutObject"
],
"Resource": [
"arn:aws:s3:::aws-athena-query-results-*"
Expand All @@ -266,15 +266,15 @@ On the masterpayer account, attach this policy to a role:
]
}
```
You will then need to add the following trust statement to the role the policy is attached to:
You will then need to add the following trust statement to the role the policy is attached to (replace `${KubecostClusterID}` variable):
```
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": `'arn:aws:iam::${KubecostClusterID}:root'`
"AWS": "arn:aws:iam::${KubecostClusterID}:root"
},
"Action": [
"sts:AssumeRole"
Expand Down

0 comments on commit 529d461

Please sign in to comment.